CVE-2023-45906
via "National Vulnerability Database".
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add.
CVE-2023-45907
via "National Vulnerability Database".
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete.
CVE-2023-20598
via "National Vulnerability Database".
Improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request that gains I/O control over arbitrary hardware ports or physical addresses, potentially resulting in arbitrary code execution.
CVE-2023-45902
via "National Vulnerability Database".
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete.
CVE-2023-43959
via "National Vulnerability Database".
An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request to the ping function of the diagnostic component.
CVE-2023-45905
via "National Vulnerability Database".
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add.
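The five Dreamer CMS entries above (CVE-2023-45902, -45905, -45906, -45907 and this one) are all the same bug class: an admin endpoint that changes state on a plain POST with nothing but the session cookie to authenticate it, so a page on any other site can submit the form on the admin's behalf. The example below is added here and is not Dreamer CMS code; the endpoint handler, the `cms.example` origin, the `_csrf` field name and the in-memory session store are all assumptions made for illustration. It shows the two controls a CSRF fix needs (an Origin/Referer check and a per-session synchronizer token compared in constant time) and what happens to a forged versus a genuine submission.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed in-memory session store: session id -> session data.
# A real application keeps this server-side and only sends the id as a cookie.
SESSIONS = {}

SITE_ORIGIN = "https://cms.example"          # assumed origin of the admin UI
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def new_session():
    """Log a user in: create a session and bind a fresh random CSRF token to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    """Token the server embeds in its own forms (hidden field) for this session."""
    return SESSIONS[sid]["csrf_token"]


def is_same_site(headers, site_origin=SITE_ORIGIN):
    """First layer: compare Origin (or Referer as fallback) with the site's own origin."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False   # a browser sends at least one of these on a cross-site POST
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == site_origin


def check_csrf(method, headers, form, sid):
    """Return True if a request may change server state."""
    if method.upper() not in STATE_CHANGING:
        return True                          # safe methods must not change state anyway
    if sid not in SESSIONS:
        return False                         # no session, nothing to protect
    if not is_same_site(headers):
        return False
    submitted = form.get("_csrf", "").encode()
    expected = SESSIONS[sid]["csrf_token"].encode()
    return hmac.compare_digest(submitted, expected)   # constant-time comparison


def admin_user_add(method, headers, form, sid, users):
    """Hypothetical /admin/user/add handler; returns an HTTP status code.

    The vulnerable pattern is this function without the check_csrf() call:
    the browser attaches the admin's session cookie to a forged cross-site
    POST, so the server cannot tell it from a genuine submission.
    """
    if not check_csrf(method, headers, form, sid):
        return 403
    users.append(form["username"])
    return 200


def demo():
    """Forged vs. genuine submission against the protected handler."""
    users = []
    sid = new_session()   # the admin is logged in; the cookie rides along on every request

    # 1. Form auto-submitted by a page on attacker.example: cookie present, token absent.
    forged = admin_user_add("POST", {"Origin": "https://attacker.example"},
                            {"username": "backdoor"}, sid, users)

    # 2. Same-site submission from the CMS's own form, carrying the session-bound token.
    genuine = admin_user_add("POST", {"Origin": SITE_ORIGIN},
                             {"username": "alice", "_csrf": csrf_token_for(sid)}, sid, users)
    return forged, genuine, users


if __name__ == "__main__":
    print(demo())
```

The Origin check alone is not enough (older clients and some proxies strip it, and a missing header has to be treated as hostile), and the token alone is not enough if it is ever leaked into a GET URL; using both, with the token bound to the session rather than global, covers the delete endpoints in the list as well as the add endpoints.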
Tech CEO Sentenced to 5 Years in IP Address Scheme
via "Krebs on Security".
Amir Golestan, the 40-year-old CEO of the Charleston, S.C. based technology company Micfo LLC, has been sentenced to five years in prison for wire fraud. Golestan's sentencing comes nearly two years after he pleaded guilty to using an elaborate network of phony companies to secure more than 735,000 Internet Protocol (IP) addresses from the American Registry for Internet Numbers (ARIN), the nonprofit which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Caribbean.
Watch Out: Attackers Are Hiding Malware in 'Browser Updates'
via "Dark Reading".
Updating your browser when prompted is good practice; just make sure the notification comes from the vendor itself.
CVE-2023-27133
via "National Vulnerability Database".
TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product.
CVE-2023-27132
via "National Vulnerability Database".
TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product.
UAE, US Partner to Bolster Financial Services Cybersecurity
via "Dark Reading".
The two countries agree to share financial services information and provide cross-border training and best practices.
'Etherhiding' Blockchain Technique Masks Malicious Code in WordPress Sites
via "Dark Reading".
The ClearFake campaign uses fake browser updates to lure victims and spread RedLine, Amadey, and Lumma stealers.
Zero-Day Alert: Ten Thousand Cisco IOS XE Systems Now Compromised
via "Dark Reading".
Just a day after Cisco disclosed CVE-2023-20198, it remains unpatched, and one vendor says a Shodan scan shows at least 10,000 Cisco devices with an implant for arbitrary code execution on them. The vendor meanwhile has updated the advisory with more mitigation steps.
New Netskope Report Exposes Increasing Use of Cloud Apps to Spread Malware
via "Tech Republic".
Microsoft OneDrive accounts for 26% of the overall usage of cloud storage apps to host malware, ahead of Microsoft PowerPoint and GitHub. This new Cloud and Threat report covers the first three quarters of 2023 and exposes the top techniques used by cyberattackers.
Amazon Quietly Wades Into the Passkey Waters
via "Dark Reading".
The move by the e-commerce kahuna to offer advanced authentication to its 300+ million users has the potential to move the needle on the technology's adoption, security experts say.
Chatbot Offers Roadmap for How to Conduct a Bio Weapons Attack
via "Dark Reading".
Once ethics guardrails are breached, generative AI and LLMs could become nearly unlimited in their capacity to enable evil acts, researchers warn.
New Critical Zero-Day Vulnerability Affects Web UI of Cisco IOS XE Software & Allows Attackers to Compromise Routers
via "Tech Republic".
This new, critical zero-day vulnerability affecting the web UI of Cisco IOS XE software is being exploited in the wild. The number of devices exposing the web UI on the internet, a timeline and technical details about this malicious activity, and tips for mitigating this zero-day threat are featured.
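Both Cisco IOS XE items (the Dark Reading piece on the implant count and this TechRepublic piece) come down to one operational question: is the implant on my devices? Cisco's advisory for CVE-2023-20198 published a direct check: issue `curl -k -X POST "https://DEVICE/webui/logoutconfirm.html?logon_hash=1"`, and if the reply is a hexadecimal string the implant is present. The script below is an added example, not Cisco's tooling; it reproduces that probe in Python, classifies the response, and runs the classification over constructed sample responses so the logic can be checked without touching a live device. The hostnames and response bodies in `FAKE_RESPONSES` are made up for the example.

```python
import http.client
import re
import ssl

# Probe Cisco published for CVE-2023-20198: POST to this path on the device's web UI;
# the implant answers with a bare hexadecimal string, a clean device does not.
PROBE_PATH = "/webui/logoutconfirm.html?logon_hash=1"
_HEX_ONLY = re.compile(r"[0-9a-fA-F]+")


def implant_indicator(body):
    """True when the response body is nothing but hexadecimal digits."""
    return _HEX_ONLY.fullmatch(body.strip()) is not None


def probe_device(host, port=443, timeout=5.0):
    """Python equivalent of `curl -k -X POST https://HOST/webui/logoutconfirm.html?logon_hash=1`."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # devices usually present self-signed certificates;
    ctx.verify_mode = ssl.CERT_NONE     # this is the `-k` of the curl form, we only want the body
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    try:
        conn.request("POST", PROBE_PATH, headers={"Content-Length": "0"})
        resp = conn.getresponse()
        body = resp.read().decode("utf-8", errors="replace")
        return resp.status, body
    finally:
        conn.close()


def scan(hosts, probe=probe_device):
    """Classify each host; `probe` is injectable so the logic can be exercised offline."""
    results = {}
    for host in hosts:
        try:
            status, body = probe(host)
        except (OSError, http.client.HTTPException) as exc:
            results[host] = f"unreachable ({type(exc).__name__})"
            continue
        results[host] = "IMPLANT" if implant_indicator(body) else f"clean (HTTP {status})"
    return results


# Constructed responses standing in for real devices, keyed by hostname.
FAKE_RESPONSES = {
    "rtr-implanted.example": (200, "0123456789abcdef01\n"),
    "rtr-clean.example": (200, "<html><body>logout</body></html>"),
    "rtr-webui-off.example": ConnectionRefusedError(),
}


def fake_probe(host):
    outcome = FAKE_RESPONSES[host]
    if isinstance(outcome, Exception):
        raise outcome
    return outcome


if __name__ == "__main__":
    print(scan(list(FAKE_RESPONSES), probe=fake_probe))
```

A connection refusal on 443 (and 80) is the outcome you want after applying Cisco's interim mitigation, which is to disable the HTTP server feature (`no ip http server` and `no ip http secure-server`) on internet-facing devices; an "unreachable" result therefore means the web UI is off, not that the device has been verified clean, and a device that was exposed before the feature was disabled still needs the probe run from the inside or a configuration review.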
CVE-2023-45803
via "National Vulnerability Database".
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously did not remove the HTTP request body when following an HTTP redirect response with status 301, 302, or 303 that changed the request method from one that can carry a body (like `POST`) to `GET`, as the HTTP RFCs require. Although this behavior is not specified in the section on redirects, it can be inferred by piecing together information from different sections, and we have observed it in other major HTTP client implementations such as curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality, we believe its exploitability is low. Additionally, many users do not put sensitive data in HTTP request bodies; if that is the case, this vulnerability is not exploitable. Both of the following conditions must be true to be affected: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON), and 2. The origin service is compromised and starts redirecting with 301, 302, or 303 to a malicious peer, or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update. Users unable to update should disable automatic redirects with `redirects=False` for services that are not expected to respond with redirects, and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.
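The advisory's last sentence is the part a practitioner stuck on an old release has to implement: follow the redirect yourself and make sure a POST body never rides along when the method turns into GET. The example below is added here and is not urllib3's code; it models the decision with a pure function so the pre-fix behaviour (body kept) and the fixed behaviour (body dropped) can be compared side by side, and it goes one step beyond the advisory by also dropping credential headers whenever the redirect lands on a different host. The `api.example` and `evil.example` URLs, the bearer token and the form body are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import urlsplit


@dataclass
class Request:
    method: str
    url: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: Optional[bytes] = None


def same_host(url_a, url_b):
    return urlsplit(url_a).netloc.lower() == urlsplit(url_b).netloc.lower()


def next_request(req, status, location, strip_body_on_method_change=True):
    """Compute the follow-up request for a 3xx response.

    301/302/303 turn anything but GET/HEAD into GET (the browser and curl
    convention the advisory refers to); 307/308 keep the method and body.
    strip_body_on_method_change=False models the pre-fix behaviour described
    in CVE-2023-45803: the method changes to GET but the original body is
    still transmitted to `location`.
    """
    if status in (301, 302, 303):
        method = req.method if req.method in ("GET", "HEAD") else "GET"
    elif status in (307, 308):
        method = req.method
    else:
        raise ValueError(f"{status} is not a redirect status")

    body = req.body
    headers = dict(req.headers)
    if method != req.method:
        headers.pop("Content-Type", None)
        headers.pop("Content-Length", None)
        if strip_body_on_method_change:
            body = None          # the fix: a GET carries no request body
    if not same_host(req.url, location):
        # Credentials were issued for the first host; never replay them elsewhere.
        headers.pop("Authorization", None)
        headers.pop("Cookie", None)
    return Request(method, location, headers, body)


def demo():
    """A compromised origin bounces a login POST to an attacker-controlled host."""
    login = Request("POST", "https://api.example/login",
                    {"Content-Type": "application/x-www-form-urlencoded",
                     "Authorization": "Bearer constructed-token"},
                    b"user=alice&password=hunter2")        # constructed sample body
    evil = "https://evil.example/collect"

    leaked = next_request(login, 302, evil, strip_body_on_method_change=False)
    fixed = next_request(login, 302, evil)
    kept = next_request(login, 307, "https://api.example/login2")
    return leaked, fixed, kept


if __name__ == "__main__":
    for r in demo():
        print(r.method, r.url, r.body, sorted(r.headers))
```

The 307/308 case is included on purpose: those statuses are defined to preserve the method, so a client that blindly strips bodies on every redirect breaks legitimate APIs, while one that never strips them has exactly the defect the advisory describes. The decision has to key on whether the method actually changed.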
CVE-2023-4896
via "National Vulnerability Database".
A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server.
CVE-2023-45951
via "National Vulnerability Database".
lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php.
CVE-2023-45952
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file.